Google Chrome 70 To Double Down On Security From October


Third party image reference

In short: Chrome 70 is scheduled to begin rolling out to the Stable Channel on October 16 and will bring a number of security refinements and minor performance improvements, as well as media tweaks. The browser will no longer display operating system build numbers in the user-agent identification header on Android. For iOS users, that change will follow the platform’s standards and simply freeze the number at “15E148.” Other information about devices will still be displayed in the header, such as WebKit versions and basic device information. Beyond that, TouchID fingerprint scanning support is set to be added via the Web Authentication API for desktop platforms. Users will also notice that further UI changes are incorporated to highlight security on desktop platforms. Specifically, HTML 5 sites that enter fullscreen will lost that immersive attribute when a page is encountered that isn’t secure or for which dialog is shown.

For media and inputs, Google is finally adding Web Bluetooth features for Windows users, allowing sites to securely connect to nearby Bluetooth peripherals and devices. That will, as with other platforms, be accessible via an experiment flag setting. In that same vein, WebUSB is being enabled in dedicated workers to allow process thread separation between input devices and primary page code for better performance of the main thread. For both mobile and desktop platforms, meanwhile, web developers will now be able to set “Priority Hints” that indicate the importance of page attributes including type, visibility, and preload status. Those will be settable to auto, high, or low. Finally, AV1 decoding support is being added for all desktop platforms, in addition to barcode or QR code, face, and text detection across all platforms via the Shape Detection API.

Background: Many of the new features and inclusions are effectively building on previous implementations in Chrome or refining those. For example, giving developers the ability to support priority hints to page attributes builds on previously noted ‘lazy loading‘ features, introduced to Canary builds in Chrome 69. A page leaving fullscreen mode, on the other hand, builds on another recent inclusion which removed “safe” dialog from the Chrome Omnibox. That meant that only unsafe websites are shown, highlighted by information which appears in that URL bar in a red coloration. By forcing unsafe pages or pages that show a dialog to leave fullscreen mode, users will be able to see the context of any dialog boxes in relation to how safe the page might be. In fact, even if the page hasn’t been marked as unsafe by Google, it provides users an opportunity to look for URL address changes which might point to other problems with that dialog. Meanwhile, Web Bluetooth features were included on all other platforms as early as Chrome 57 and the addition to Windows effective represents a completion of the rollout.

Impact: In general, the changes being implemented here will make Chrome and its subsequent variations more secure by both highlighting more acutely when things aren’t and adding support for more login protection options. At the same time, security is also bolstered by the removal of unnecessary attributes that identify what device is accessing a site and securing Bluetooth channels. Simultaneously, performance will be more customizable from a developer perspective thanks to the added ability to prioritize things further and separate processes to their own threads for high-intensity, highly interactive sites or web apps. Finally, the addition of support for incoming next-generation audio compression and modern detection algorithms will improve user experiences and offer new ones as well. In the meantime, there will almost certainly be even more changes arriving in Chrome OS 70 and some of the features currently planned and available in beta channels might change or be pushed back.

Post a Comment

Previous Post Next Post